DMA Warns Marketers About P3P

The Direct Marketing Association is taking steps to alert member companies about new P3P standards enacted in Microsoft Corp.’s new Internet Explorer.

The New York-based association released a notice to members outlining the potential impacts of the browser’s implementation of P3P — Platform for Privacy Preferences.

“Are you aware that Microsoft has started to release its new browser, Internet Explorer, which incorporates … the P3P privacy platform?” the Association wrote. “If your Web site sets cookies — either by your own company or by third parties such as network advertisers, partners, affiliates and agents — then you must take certain steps to comply with Microsoft’s P3P setting so that your cookies will not be blocked or restricted when the site is visited.”

The P3P standard was developed by the World Wide Web Consortium, one of the chief Internet standards bodies, and specifies that sites’ privacy notices are interpretable by Web browsers. As a result, sites that don’t match consumers’ privacy preferences or allow them to opt-out could be blocked from, say, setting cookies.

Essentially, the version of P3P enacted in Microsoft’s Internet Explorer 6, which debuted in August, requires that compliant policies disclose the types of data collected, how data is collected, and which parties receive the data. An icon at the bottom of the browser screen alerts users to the fact that a site’s cookies were blocked.

Microsoft ships the browser with the “Medium” setting as the default — which blocks cookies coming from third-party sites without a P3P-compliant policy. (Cookies coming from the same domain as the site are not blocked, even if the site doesn’t have a policy.)

However, if the site has a P3P-compliant policy and doesn’t offer consumers the opportunity to opt-out of tracking, then under the “Medium” setting, the cookies will be set to expire once the user closes Internet Explorer — regardless of how long the publisher or marketer intended them to last.

If the site has a P3P-compliant policy that doesn’t cover third-party cookies — or those third-party cookies do not offer consumers the ability to opt-out — then those cookies will be blocked.

In addition to making sure that their privacy policies are P3P compliant, the DMA suggests members monitor and re-evaluate their policy regularly.

Several third-party ad servers say their policies are already P3P compliant. DoubleClick’s network cookie, for one, shouldn’t present a problem since the company had P3P privacy policy and opt-out controls in advance of IE6’s launch. Likewise, cookies delivered under 24/7 Real Media’s OpenAdStream don’t trigger the browser’s blocking capabilities. (However, 24/7’s ASP products Connect and OpenAdStreamCENTRAL both are blocked under the default IE setting.)

News Around the Web